Privacy Policy

Last Updated: 21/01/2025

1. Introduction

“GoNuclei" (“Platform”). The content of the Platform is the property of CDNA Technologies Private Limited ("we," "our," "us") and is committed to protecting and respecting your privacy. This Privacy Notice explains how we collect, use, disclose, and retain your personal data in compliance with the General Data Protection Regulation (GDPR), IT Act, 2000 & IT Rules, 2011 and other applicable data protection laws.

2. Definitions

Personal data refers to any data that identifies you, such as your name, email, or device ID. Processing includes any operation performed on personal data, such as collection, storage, or modification. 

The data controller (CDNA Tech Pvt Ltd) determines how and why data is processed, while a data processor handles personal data on behalf of a data controller. 

Users are individuals interacting with an application that includes our SDK.

3. What Data We Collect

We may collect and process the following categories of personal data, depending on the product you are using:

Direct from the User Interaction: (e.g., Using the products, filling out forms, email correspondence).

  • Identity Data: Name, title, date of birth, gender, identity proof, nationality.
  • Contact Data: Address, email address, phone numbers, Address etc.
  • Usage Data: Information about how you use our products, and services.
  • Marketing and Communications Data: Preferences for receiving marketing materials and communication history.

Passive Collection : 

In Addition, we may passively collect the following technical information only for service functionality, security, and debugging purposes:

  • App Information: App Version, App Version Code, Partner App Version, IP Address, LatLng
  • Device Data: Device ID, Device Type, OS Version, FCM-token, Device-Token
  • Display & Localization: Screen Density, Locale

4. How We Process and Store Data

Our data processing follows key principles to ensure security and compliance. 

We minimize data collection to only what is necessary and limit data usage to specific, legitimate purposes. Data is stored securely using encryption measures, and strict access controls are in place to prevent unauthorized access. 

Where possible, we anonymize data to further enhance privacy protection.

5. Legal Basis for Processing

We process your personal data under the following legal bases:

  • Contractual Necessity: To perform a contract with you and with our partners ( eg. User authentication data processing)
  • Consent: Where you have provided clear and explicit consent. (eg. marketing related emails or push notifications etc)
  • legitimate interest : Fraud prevention measures rely on legitimate interest, and analytics data is used for service improvement under the same principle.
  • Legal Obligation: To comply with applicable laws.
  • Legitimate Interests: For our business interests, provided they do not override your fundamental rights.

Our processing complies with both GDPR and the Indian IT Act.

6. Data Sharing and International Transfers

We do not sell personal data but may share it with trusted third-party service providers for operational purposes. 

These include cloud storage providers such as Microsoft Azure, communication services like Firebase for push notifications, and email providers such as SendGrid. If data is transferred internationally, we ensure compliance through legal safeguards.

In GDPR context, If we transfer your personal data outside the European Economic Area (EEA), we will ensure it is protected through:

  • Standard Contractual Clauses ( SCC ) approved by the European Commission.
  • An adequacy decision by the European Commission.
  • Data Protection Agreement (DPA)
  • Other legally recognized safeguards.

7. Data Retention

We retain your personal data as per our internal Data Retention Policy, which aligns with legal and regulatory requirements. 

We will retain your personal data for as long as necessary to fulfill the purposes.

The retention duration varies based on the type of data and processing needs. For instance, Primary booking user details will be retained for eight years to comply with legal obligations whereas other traveller details will be deleted after one year of the travel/stay date, for customer support or dispute resolution. And if provided explicit consent it can be retained longer as well.

Transactions records are kept for up to eight years to comply with legal obligations. Once the retention period expires, data is securely deleted or anonymized.

8. Your Rights Under GDPR and the Indian IT Act

  • Access: Request a copy of your personal data.
  • Correction: Request correction of inaccurate or incomplete data.
  • Erasure: Request deletion of your personal data.
  • Restriction: Request restriction of processing.
  • Portability: Request transfer of your data to you or a third party.
  • Objection: Object to data processing based on legitimate interests or direct marketing.
  • Withdraw Consent: Withdraw consent where processing is based on consent.

To exercise your rights, contact us at privacy@gonulcei.com. We may request proof of identity before processing your request. 

Your request will be responded to within 30 days. If additional time is needed due to complexity or volume of requests, we will inform you within this period and provide an estimated response time.

9. Cookies and Similar Technologies

Our website/sdk uses cookies to enhance your experience

What Are Cookies?

Cookies are small text files stored on your device to enhance your experience, authenticate users, and enable specific functionalities. 

In our Platform, cookies include identifiers, tokens, and preferences stored locally or via webviews within our app.

How We Use Cookies

We use cookies for the following purposes:

  • Authentication & Identification: To identify and authenticate users when they log in.
  • Device & OS Compatibility: To store device and OS details to ensure compatibility with the Platform.
  • Feature Enablement: To enable or disable features like wallets and coupons.
  • Session Management: To maintain session integrity during your journey through WebViews.
  • Performance & User Interaction Analysis: To analyze user interactions and app performance in order to improve the services we provide. 

Categories of Cookies We Use

Based on the product / services the user is interactive with, different cookie attributes will apply, in various aspects.

a. Essential Cookies

These cookies are necessary for the Platform to function and cannot be disabled. They enable core functionalities such as authentication and session management or feature functionality

  • access_token
  • is_access_token_set
  • coupon
  • wallet
  • menu
  • Style

b. Functional Cookies

These cookies enhance your experience by remembering your preferences and enabling specific features.

  • extraHeaders
  • userDetails

In extra headers we store some of the information like LOCALE, X-APP-VERSION, X-APP-VERSION-CODE, X-MOBILE-VERSION, X-PARTNER-APP-VERSION, X_DENSITY, app_version, device_type, isCouponsEnabled, isDebug, isWalletEnabled, menu, showPoweredBy

c. Operational Cookies

  • Fcm-token

These cookies are fulfilling other operational aspects. Eg. Fcm-token is used to send booking related notifications.

d. Analytical Cookies

We do not use any analytical cookies in the extraHeaders or elsewhere on the Platform. Analytical cookies are typically used to track user behavior, gather insights, or measure app performance, but we do not collect or store such data

Cookies Retention 

  • Session Cookies: All our cookies are session-only and are deleted once the WebView or SDK session ends.
  • Persistent Cookies: We do not use persistent cookies.

Cookies Security

All cookies and their associated data are transmitted securely using encryption protocols (e.g., HTTPS). 

Sensitive information, such as JWT tokens, is stored in cookies with the HttpOnly and Secure flags enabled wherever possible.

Third-Party Cookies

We do not use third-party cookies for advertising or tracking. All cookies are first-party, set by our SDKs or webviews to ensure seamless app performance.

Managing Cookies Preferences

On the website : Upon first launch, you will be prompted to accept or customize cookie preferences on the website. Once you have set your preferences, you can again see and update your preferences through the cookie icon shown at the bottom left corner.

In the app : Adjust settings via the app’s Preferences menu or clear app data to reset cookies.

10. Security of Your Personal Data

We are dedicated to protecting your personal data through strong security measures. This includes encrypting your information during storage and transmission, allowing access only to authorized team members, and regularly monitoring our systems to detect and prevent any unauthorized activity. 

We also limit the amount of data we collect, retain it only as long as needed, and ensure our trusted partners follow strict security standards. 

Additionally, we have plans in place to quickly address any issues, ensuring your data remains safe and secure.

11. Updates to This Privacy Notice

We will update this Privacy Notice from time to time. The latest version will always be available on our website. Significant changes will be communicated to you directly only when appropriate.

12. Contact Us

If you have any questions about this Privacy Notice or how we handle your personal data, please contact:

Data Protection Officer (DPO): Siddharth Goyal
Email: siddharth.goyal@gonuclei.com
Address: Sobha Arena The Park, F1-4141, Thalaghattapura PO, Kanakapura Main Road, Uttarahalli Hobli, Bangalore, Karnataka, 560062

Visit this link for our Terms & Conditions